Springboot+jwt完成登錄認證

實體Entity

package com.example.demo.Entity;
import javax.persistence.*;
@Table
@Entity(name="redis")
public class SysRedis{
   
   
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int id;
    private String password;
    private String username;
    public int getId() {
   
   
        return id;
    }
    public void setId(int id) {
   
   
        this.id = id;
    }
    public String getPassword() {
   
   
        return password;
    }
    public void setPassword(String password) {
   
   
        this.password = password;
    }
    public String getUsername() {
   
   
        return username;
    }
    public void setUsername(String username) {
   
   
        this.username = username;
    }

    public SysRedis(String username,String password){
   
   
        this.username = username;
        this.password = password;
    }


}

Dao層（省略）
Service層

  public boolean login(SysRedis user);
    public List<SysRedis> getList();

ServiceImpl層

package com.example.demo.Service.ServiceImpl;
import com.example.demo.Entity.SysRedis;
import com.example.demo.Service.SysRedisSerivce;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.List;
@Service
public class SysServiceImpl implements SysRedisSerivce{
   
   
    @Override
    public boolean login(SysRedis user) {
   
   
        String username = user.getUsername();
        String password = user.getPassword();
        if(username.equals("king") && password.equals("123")){
   
   
            return true;
        }
        return false;
    }
    @Override
    public List<SysRedis> getList() {
   
   
        SysRedis user1= new SysRedis("king1","12345");
        SysRedis user2 = new SysRedis("king2","12345");
        SysRedis user3 = new SysRedis("king3","12345");
        List<SysRedis> list = new ArrayList<>();
        list.add(user1);
        list.add(user2);
        list.add(user3);
        return list;
    }
}

Controller層

package com.example.demo.Controller;
import com.example.demo.Entity.SysRedis;
import com.example.demo.Service.SysRedisSerivce;
import com.example.demo.Unti.TokenUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Controller
public class SysRedisController {
   
   
    @Autowired
    private SysRedisSerivce sysRedisSerivce;
    @PostMapping("/login")
    @ResponseBody
    public Map<String,Object> login(String username, String password){
   
   
        Map<String,Object> map = new HashMap<>();
        SysRedis user = new SysRedis(username,password);
        if(sysRedisSerivce.login(user)){
   
   
            String token = TokenUtil.sign(user);
            if(token != null){
   
   
                map.put("code", "10000");
                map.put("message", "認證成功");
                map.put("token", token);
                return map;
            }
        }
        map.put("code", "0000");
        map.put("message", "認證失敗");
        return map;
    }
    @PostMapping("/getList")
    public List<SysRedis> getList(){
   
   
        List userList = sysRedisSerivce.getList();
        return userList;

    }

}

package com.example.demo.Unti;

import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.ArrayList;
import java.util.List;

public class IntercepterConfig implements WebMvcConfigurer {
   
   

    private TokenInterceptor tokenInterceptor;

    //構造方法
    public IntercepterConfig(TokenInterceptor tokenInterceptor){
   
   
        this.tokenInterceptor = tokenInterceptor;
    }
    @Override
    public void addInterceptors(InterceptorRegistry registry){
   
   
        List<String> excludePath = new ArrayList<>();
        excludePath.add("/user_register"); //註冊
        excludePath.add("/login"); //登錄
        excludePath.add("/logout"); //登出
        excludePath.add("/static/**");  //靜態資源
        excludePath.add("/assets/**");  //靜態資源
        registry.addInterceptor(tokenInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(excludePath);
        WebMvcConfigurer.super.addInterceptors(registry);
    }
}

package com.example.demo.Util;

import com.alibaba.fastjson.JSONObject;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;

@Component
public class TokenInterceptor implements HandlerInterceptor {
   
   
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception{
   
   

        if(request.getMethod().equals("OPTIONS")){
   
   
            response.setStatus(HttpServletResponse.SC_OK);
            return true;
        }
        response.setCharacterEncoding("utf-8");
        String token = request.getHeader("admin-token");
        if(token != null){
   
   
            boolean result = TokenUtil.verify(token);
            if(result){
   
   
                System.out.println("通過攔截器");
                return true;
            }
        }
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        PrintWriter out = null;
        try{
   
   
            JSONObject json = new JSONObject();
            json.put("success","false");
            json.put("msg","認證失敗，未通過攔截器");
            json.put("code","50000");
            response.getWriter().append(json.toJSONString());
            System.out.println("認證失敗，未通過攔截器");
            //        response.getWriter().write("50000");
        }catch (Exception e){
   
   
            e.printStackTrace();
            response.sendError(500);
            return false;
        }
        return false;
    }



}

package com.example.demo.Unti;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.example.demo.Entity.SysRedis;

import java.util.Date;

public class TokenUtil {
   
   
    private static final long EXPIRE_TIME= 15*60*1000;
    private static final String TOKEN_SECRET="token123";  //密鑰鹽


    /**
     * 簽名生成
     * @param user
     * @return
     */
    public static String sign(SysRedis user){
   
   

        String token = null;
        try {
   
   
            Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);
            token = JWT.create()
                    .withIssuer("auth0")
                    .withClaim("username", user.getUsername())
                    .withExpiresAt(expiresAt)
                    // 使用了HMAC256加密算法。
                    .sign(Algorithm.HMAC256(TOKEN_SECRET));
        } catch (Exception e){
   
   
            e.printStackTrace();
        }
        return token;

    }
    /**
     * 簽名驗證
     * @param token
     * @return
     */
    public static boolean verify(String token){
   
   
        try {
   
   
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(TOKEN_SECRET)).withIssuer("auth0").build();
            DecodedJWT jwt = verifier.verify(token);
            System.out.println("認證通過：");
            System.out.println("issuer: " + jwt.getIssuer());
            System.out.println("username: " + jwt.getClaim("username").asString());
            System.out.println("過期時間：      " + jwt.getExpiresAt());
            return true;
        } catch (Exception e){
   
   
            return false;
        }

    }
}

postman